As part of Mandatory Security Improvements we are implementing some measures you should be aware of on payment-connected pages. This document is meant for informational purposes only and requires no action from you.
Please note: This only applies to systems that use our ecommerce ecommerce solution.
All relevant sites will have this enabled by end of July 2025.
Please note: If necessary for any valid reason, these features can be temporarily switched off upon request.
Order Review page (right before payment) - postage.php
Adyen payment page
Amex PWBT payment page
On these pages we are implementing a few key aspects:
a Content Security Policy (CSP) that is:
restrictive enough as to prevent code execution from unknown sources / domains and dynamic addition of unexpected inline styles and scripts.
yet permissive enough to ensure we are not blocking expected functionality
Google Tag Manager being disabled for these payment-connected pages due to security considerations
this is mandatory due to the fact that GTM allows resources to be added without our control which poses a risk
this means that tracking via 3rd party or GA4 will not be available on these pages